roles/common/tasks/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

---

- name: Update apt cache
  apt: update_cache=yes cache_valid_time=3600
  tags:
    - dependencies

- name: Upgrade all safe packages
  apt: upgrade=safe
  tags:
    - dependencies

- name: Install necessities and nice-to-haves
  apt:
    state: present
    name:
      # fail2ban in security
      # rkhunter in security
      - apt-transport-https
      - apticron
      - aptitude
      - bash-completion
      - bzip2
      - ca-certificates
      - curl
      - debian-goodies
      - dialog
      - dnsutils
      - dstat
      - etckeeper
      - fd-find
      - file
      - git
      - htop
      - httpie
      - iftop
      - ifupdown
      - iotop
      - iproute
      - iputils-ping
      - isc-dhcp-client
      - jq
      - less
      - libui-dialog-perl
      - lnav
      - locales
      - locales-all
      - lsof
      - lvm2
      - man-db
      - manpages-dev
      - molly-guard
      - moreutils
      - mosh
      - mtr-tiny
      - net-tools
      - netbase
      - netcat
      - ngrep
      - openssh-server
      - openssl
      - parallel
      - pigz
      - pv
      - python3
      - python3-software-properties
      - ripgrep
      - screen
      - sqlite3
      - sudo
      - tcpdump
      - tree
      - unattended-upgrades
      - unzip
      - util-linux
      - vim-nox
      - wget
      - zip
  tags:
    - dependencies

- name: Create /srv directory
  file: path=/srv
        state=directory
        owner=root
        group=root
        mode=0775

- name: timezone - configure /etc/timezone
  copy:
    content: "{{ common_timezone | regex_replace('$', '\n') }}"
    dest: /etc/timezone
    owner: root
    group: root
    mode: 0644
  register: common_timezone_config

- name: timezone - Set localtime to UTC
  file: src=/usr/share/zoneinfo/Etc/UTC dest=/etc/localtime
  when: common_timezone_config.changed

- name: timezone - reconfigure tzdata
  command: dpkg-reconfigure --frontend noninteractive tzdata
  when: common_timezone_config.changed

- name: Apticron email configuration
  template: src=apticron.conf.j2 dest=/etc/apticron/apticron.conf

- name: gitconfig for root user (etckeeper will complain)
  template: src=root_gitconfig.j2 dest=/root/.gitconfig

#- include: users.yml tags=users
- include: security.yml tags=security
- include: ntp.yml tags=ntp
- include: extrapkg.yml tags=extrapkg